CVE-2023-0016

Name of the Vulnerable Software and Affected Versions SAP BPC MS 10.0 version 810

Description The issue allows an unauthorized attacker to execute crafted database queries, potentially leading to SQL injection. This could enable an attacker to access, modify, and/or delete data from the backend database. The vulnerability is related to the lack of protection measures for the SQL query structure, which could allow a remote attacker to execute arbitrary SQL queries.

Recommendations For SAP BPC MS 10.0 version 810, consider restricting access to the database to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using crafted database queries and ensure proper validation and sanitization of user input to prevent SQL injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.